A lightweight noise-tolerant encryption scheme for secure communication: An unmanned aerial vehicle application

In the modern era, researchers have focused a great deal of effort on multimedia security and fast processing to address computational processing time difficulties. Due to limited battery capacity and storage, Unmanned Aerial Vehicles (UAVs) must use energy-efficient processing. In order to overcome the vulnerability of time inefficiency and provide an appropriate degree of security for digital images, this paper proposes a new encryption system based on the bit-plane extraction method, chaos theory, and Discrete Wavelet Transform (DWT). Using confusion and diffusion processes, chaos theory is used to modify image pixels. In contrast, bit-plane extraction and DWT are employed to reduce the processing time required for encryption. Multiple cyberattack analysis, including noise and cropping attacks, are performed by adding random noise to the ciphertext image in order to determine the proposed encryption scheme’s resistance to such attacks. In addition, a variety of statistical security analyses, including entropy, contrast, energy, correlation, peak signal-to-noise ratio (PSNR), and mean square error (MSE), are performed to evaluate the security of the proposed encryption system. Moreover, a comparison is made between the statistical security analysis of the proposed encryption scheme and the existing work to demonstrate that the suggested encryption scheme is better to the existing ones.


Introduction
UAVs are popularly known as drones can be used in real-time applications such as security, communication, transfer of payload, and rescue operations. Drones help us to communicate with other parties where it is difficult to access for humans. Initially, UAVs were used independently, but nowadays, they are integrated with other UAVs to communicate with each other [1][2][3]. During transmission of data among the UAVs, the attacker can also launch their drone to steal the information which is transmitted between the authentic UAVs or from the UAVs to the ground station. the encryption computational time of such techniques is high which is not suitable for realtime applications. However,the encryption proposed in [16][17][18] can be considered for mobile applications as their performance in terms of computational speed is suitable for such applications.
To reduce time complexity, images can be encrypted using chaos and transformation techniques such as Discrete Cosine transform (DCT) and DWT [19][20][21][22][23][24][25][26][27][28]. In the past few years, chaos has played a vital role in image encryption due to its some unique features such as sensitivity in initial conditions, unpredictability, pseudo randomness, ergodicity, and non-deterministic behavior [29][30][31][32][33][34]. Chaotic systems can be divided into low-dimensional and highdimensional maps. In low-dimensional chaotic maps such as chaotic sine map and chaotic logistic map consists of less number of initial conditions and control parameters [35,36]. This makes them easy to implement with fewer resources. On the other side, high-dimensional chaotic maps such as hyper chaotic map and Lorenz system chaos consist of a significant number of initial and control parameters [37,38]. Although the structure of the high-dimensional chaotic maps is complex, but it occupies more storage and also difficult to implement, requiring more resources and high computational time. Therefore, such high-dimensional chaotic maps are not suitable for real-time applications. The issues of high computational time cannot be ignored in UAVs application as it utilizes limited resources such as finite battery capacity and limited storage that does not allow to store the large data. Storing large data may reduce the computational power of the system [39,40].
To overcome computational time complexity issues and to provide a suitable security to the digital images, a new technique is proposed based on DWt and chaos theory. The major contributions of the proposed work are as follows: • A new image encryption scheme is proposed which is especially designed for such real time applications where less processing time is required.
• A DWT is used to decompose the plaintext image at the 5 th level in order to minimize the computing time required for encryption. When DWT is used to convert a plaintext image into frequency sub-bands, the sub-bands are reduced by a factor of two. The size of the frequency sub-band at the nth level of decomposition will be size of image 2 n . Where n represents the level of decomposition, Therefore, the sub-band size at the 5 th level decomposition will be size of image 2 5 .
• To enhance the security of the proposed encryption scheme, a new algorithm for the generation of noisy images is presented in order to create the diffusion in the plaintext image.
• The cropping and noise attack are carried out by utilising XOR peration to inject random noise into the ciphertext image.
• Several statistical security measures, including entropy, contrast, energy, mean square error, and peak signal-to-noise ratio are conducted to demonstrate the resilience of the proposed encryption scheme The rest of the paper is structured as follows: The section 1 is devoted to related work and flaws in existing work. In section 3, bit-plane extraction methodology is explained with an example in which an image portion of size 3 × 3 is taken from the original image. The overview and the detailed steps of the proposed methodology are explained in sections 4 and 5 respectively. In section 6, the experimental results and analysis of the proposed and existing encryption schemes are presented to show the effectiveness of the proposed encryption scheme over the existing work. In the last, section 7 concluded the proposed work.

Related work
To sort out the issues of computation complexity and providing a high level of security to the digital data, significant research has been carried out in which some of them are based on frequency transformation, and chaotic systems based integrated with substitution boxes (Sboxes) [41][42][43][44][45][46][47][48][49].

Encryption using transform techniques
Pixels do not undergo any direct manipulation in encryption systems that are based on frequency transforms. It does this by converting the pixels into their frequency components, which may then be utilised in conjunction with the Discrete Cosine Transform (DCT), Discrete Fourier Transform (DFT), and Discrete Wavelet Transform (DWT).
Joshi et al. [50] introduced an image encryption technique in their research work. This scheme is intended to protect digital images from any kind of cyberattack. The authors made use of DWT, which involves first converting the plaintext image pixels into its frequency components, such as LL, LH, HL, and HH frequency sub-bands. The LL frequency sub-band stores the majority of the plaintext information, while the other three sub-bands store the finer details. The authors believed that any of these frequency sub-bands may be used effectively to encrypt the plaintext image. As a direct consequence of this, the amount of time required for the calculation is greatly increased. Therefore, when a low processing time is required, it is not ideal to manipulate all of the frequency sub-bands; rather, just the low frequency sub-band should be manipulated (LL).
In [51], Ding et al. suggested an encryption scheme based on DWT and a high-dimensional chaotic map. The high-dimensional map has the potential to provide better safety, but it is challenging to deploy. As a result, the cryptosystem that is suggested in [51] is not appropriate for use in real-time applications. On the other hand, in [52], a method of partial encryption is suggested, which makes use of both DWT and low-dimensional chaotic maps. Despite the fact that the authors' strategy to cut down on the amount of computational time was effective since it made use of a low-dimensional chaotic map, On the other hand, there are two important flaws: (a) compression is employed after encryption, which can cause an increase in the amount of time required for encryption; and (b) the suggested encryption technique is applied to both high-frequency and low-frequency components. Both of these flaws result in an increase in the amount of time required for encryption of the plaintext image.
In [53], Li et al. presented a DWT and chaos-based image encryption scheme. In this technique, the authors encrypted a portion of the low-frequency components of the plaintext image after the image was decomposed into four different frequency sub-bands. Due to the fact that certain sections of the low frequency subbands are encrypted, this technique is lossy in nature. Even if the encrypted version of the plaintext image makes the contents of the plaintext image visible, the original image's pixels are not an exact replica of the original image. As a consequence of this, the approach might be costly in situations in which everybody needs the exact original information. In [54] Li et al. coupled Lifting Wavelet Transform (LWT) with XOR operation to alter the image pixels in order to provide a high degree of security. The resultant XORed images are subjected to further processing in his suggested methodology's compression operation, which ultimately results in a reduction in the size of the ciphertext image. The method has the benefit of requiring a minimal amount of bandwidth for the transmission of the ciphertext image due to the relatively tiny size of the encrypted image. The time required to encrypt a digital image with dimensions of 256 × 256 pixels takes around three seconds, which is a duration that is considered quite excessive for use in real-time applications.

Chaos theory and substitution based encryption techniques
Apart from the transform approaches to encrypt digital images, substitution boxes and chaos theory have played a key role in the field of cryptography. Naseer et al. [55] suggested an encryption method based on chaos-based and substitution permutation networks. The permutation and substitution are applied using the permutation box (P-box) and substitution-permutation box respectively. The authors applied the permutation and substitution one by one on the plaintext image having the size of 256 × 256. As a consequence, encryption computational time may increase. All of the mathematical steps in their proposed encryption scheme can be performed simultaneously to reduce the cost of computing.
Encryption methods that are based on chaos also include S-boxes as a key component. It is vital to utilise a robust S-box that is able to withstand any security attacks in order to improve the efficacy of chaos and substitution-based encryption schemes that also make use of S-boxes. This is done in order to make the schemes more secure. Shafique et al. [42] presented a novel approach to construct an S-box, which was based on a 1-dimensional cubic logistic map (CLM). In his work, 256 elements of the S-box have been created with the help of the CLM. This method ensures that the right initial conditions are applied. In order to demonstrate the effectiveness of the suggested S-box, a number of different security evaluations were carried out. These evaluations included the Bit independent criterion (BIC), the Linear Approximation Probability (LP), and the Differential Approximation Probability (DAP).
Using a single S-box in any encryption technique may reduce the strength of the entire encryption process. The vulnerabilities of utilising a single S-box are addressed in [56]. In [56], Anees et al. presented the solution of employing multiple S-boxes in an encryption scheme to increase the security of the encrypted images. The authors employed numerous S-boxes instead of a single S-box. The selection of a particular S-box is dependent on the random sequence created using a chaotic logistic map. The multiple S-boxes based image encryption exhibited much better results when compared with the single S-box results. However, the pattern of the plaintext image may be seen in the encrypted image. To tackle this problem, Ahmad et al. [57] continue with the technique described in [56], and build another multiple Sbox based image encryption approach which yields considerably better results.
Hua et al. introduced a novel encryption method based on a 2D Sine logistic modular map (SLMM), which is comprised of chaotic sine and logistic maps. [58]. Although both of these chaotic maps exhibit highly non-linear behaviour, it is possible to breach the security of the proposed method by using chaotic signal estimating technologies [59]. Sahteesh et al. [60] employed S-P networks and chaotic maps in their research, which included the use of pixel permutation and diffusion. However, the only XOR operation was used for diffusion purposes, which degrades the security of their proposed algorithm. Liu et al. [61] proposed a new encryption scheme that improved the S-box-based schemes by adding noise and converting the data into blocks. This scheme worked well for images that contained a greater number of grey levels, but it was unable to successfully encrypt images that contained a lower number of grey levels.
The overview of the existing encryption schemes is presented in Table 1 in which several features such as category, advantages, drawbacks and their related possible countermeasures are displayed.
Keeping in mind the issues discussed in this section, in this paper, an encryption scheme is proposed which is time efficient and is capable of providing a significant level of security to the digital images. The proposed encryption scheme is presented specifically for such real time applications in which less processing time is required to encrypt the information. For reducing the computational complexity of the encryption scheme, a DWT is used to decompose the plaintext image at 5 th level decomposition. At the 5 th level decomposition, the size of the plaintext image becomes M 2 5 × N 2 5 . Therefore, at that level, fast encryption may be performed. Moreover, to further reduce the computational complexity of the encryption algorithm, only lowfrequency sub-bands are considered.

Bit plane extraction
For the eight-bit plaintext image, eight bits can be extracted using the Eq (3). Each bit-plane consists of a different amount of plaintext image information. The four least significant bit planes (BP 1 , BP 2 , BP 3 , and BP 4 ) have the least amount of information, as shown in Fig 2. The percentage of information in each bit-plane can be calculated using Eq (2) and the statistical values of information percentage in each bit-plane are displayed in Table 2.

PLOS ONE
From Table 2, it can be seen that most of the plaintext information lies in the most significant bit planes (BP 8 − BP 5 ) and therefore, only such bit-planes are under consideration for the encryption of plaintext image to reduce the encryption computational time.
Apart from the consideration of only most significant bit planes, the simultaneous process of confusion (which refers to scrambling) and diffusion (which refers to the change in the pixel values) also play a vital role to reduces the overall encryption computational time. The process of achieving confusion and diffusion simultaneously is explained in Example 1.   For the extraction of first binary bit-plane (BP 1 bit-plane), LSB 1 of all the pixel values will be considered, and for the extraction of second binary bit-plane (BP 2 bit-plane), LSB 2 of all the pixel values will be considered and so on. The eight extracted binary bit-planes from image I will be: After the scrambling process, combine the binary values which are placed at (1,1) in each scrambled bit-plane. It will return the eight bits of the first pixel value. similarly, for the second pixel value, combine the binary bits which are placed at (1,2) and so on. The resultant image (I 0 ) will be: It can be seen from the image I 0 , the pixel values are completely different from the original image I pixels.

Overview of the proposed encryption scheme
In this scheme, a plaintext image is decomposed into different frequency bands using DWT. To make the proposed scheme time-efficient, a fifth-level DWT decomposition is performed, and only low-frequency components are taken to be dealt with. Apart from the DWT, multiple chaotic maps and the bit-plane extraction method are also used. In the bit-plane extraction method, confusion and diffusion are achieved simultaneously by performing only scrambling operation on extracted bit-planes, which helps to reduce the computational complexity.
The Haar wavelet transform can be represented as Q 0 = HPH T in which P is a plaintext image having equal number of pixel rows and columns i.e the size of image P is R(rows) × R (columns), H represents the Haar transform matrix having the size equal to the plaintext image and Q is the transform matrix which contain the Haar basis function h a (w). Where w 2 [0 1] and a is defined as aj a 2 N^0 � a � R − 1}. It can be decompose uniquely as:

DWT and its role in the proposed scheme
DWT is used to decompose the plaintext image into different frequency components. In every iteration of DWT, the plaintext image divides not four frequency sub-bands such as LL subband, LH sub-band, HL sub-band, and HH sub-band. LL sub-bands correspond to the low-frequency components in which more than 90% of the plaintext information is present as shown in Fig 3. Therefore, to reduce the encryption time, only LL sub-band should consider for the encryption of plaintext image.
In the proposed research, Haar wavelet is used which can be represented as W = HOH p in whcih O is an original image, H shows the haar transform array in which the number of rows (R) and columns (C) are equal to the R and C of the original image and T represents the function of Haar basis Y x (w). Where w 2 [0 1] and x is defined as xj x 2 N^0 � x � R − 1}. It can be split uniquely using Eq (3) [62].
Where f shows the maximum exponential number of 2 and L represents the reminder (L = 2 f − Q). Mathematically, Haar basis function can be defined as: After taking the Haar wavelet transform, the size of each frequency sub-band becomes half of the plaintext image. For instance, if the size of the plaintext image is M × N, the size of each sub-band will be one-half of the plaintext image i.e. M 2 × N 2 . During the second level

Chaotic maps used in the proposed scheme
The proposed scheme is also based on chaotic maps. In the proposed work, the chaotic logistic and chaotic sine maps are used for generating the random sequqences and random image to create the diffusion in the plaintext image. The details of such chaotic aps can be seen in [63,64].
Over the last few years. Chaotic maps are widely used in image encryption due to their tremendous properties such as sensitivity to initial conditions, ability to generate randomness and non-periodicity. Following are the chaotic maps used in the proposed work:

Chaotic logistic map (CLM).
CLM is a one-dimensional chaotic map that is used to generate a random sequence for the permutation of rows of pixels in the plaintext image. The reason for choosing the one-dimensional chaotic map over the high-dimensional maps is easy to implement and comparatively faster. Mathematically, the chaotic map can be written as: Where O 0 and λ are the initial condition and the control parameters respectively. The ranges of these parameters are: To generate the random sequence using CLM, O must lie in the chaotic range. Fig 5(a) shows the bifurcation diagram of the logistic map in which it can be seen that the CLM shows chaotic behavior when the value of O lies in the range [0, 4]. Moreover, the sequence generated using CLM when the value of λ is selected from the chaotic range is shown in Fig 5(b) in which a lot of random values can be seen graphically.

Chaotic sine map (CSM).
Like CLM, CSM is a one-dimensional chaotic map. CSM is used in the proposed work to generate the random vector for the permutations of pixels

PLOS ONE
columns in the plaintext image. CTM is given in Eq (6).
Where y(0) and β are the initial or seed values which lie in the range [0, 1] and [0.87, 1] respectively. The chaotic range for CSM is [0.87, 1]. As it can be seen in Fig 6(a), most of the different values are generated in their chaotic range. Therefore, to generate the maximum random values, the value of α is selected as 0.91. This effect is shown in Fig 6(b).

DWT based proposed encryption scheme
The three major components of the proposed encryption are bit-plane extraction, chaotic maps (logistic and sine map) and DWT. The secret keys which are used in the proposed work are generated using chaotic maps. The process of key generation is given in section 5.1.

Key generation process
1. Iterate Eqs 5 and 6 M × N times using the initial conditions ω, λ, β and y to generate different random values. Such random values are stored in an array known as key − stream(KS).

PLOS ONE
2. The values generated in KS are in the range (0 1). Therefore, to amplify the KS values, any large multiplication factor (N) is used.
3. The amplified values are converted into an integers values by truncating all the numbers which are placed after the decimal point. 4. The values generated in step 3 are now restricted in the range [0 255] using the modulo operation as follows: 5. The sequences X, and Y are used as scrambling keys for the permutation of rows and columns of the bit-planes (BP 8 and BP 7 ).

Encryption procedure
The image encryption scheme proposed in this paper is for-real time applications.
Step wise block diagram of the proposed encryption model is show in Fig 7. While the detail of each step the proposed scheme is given below:

PLOS ONE
• Take a plaintext image of sized M × N and decompose into eight bit-planes. For the encryption procedure, only BP 8 and BP 7 are considered because more than 90% of plaintext information is present in such bit-planes. Therefore, it is not necessary to encrypt all the bitplanes.
• For row and column scrambling, the sequences generated X, Y and Z in the key generation process are used.
• Apply DWt to I 0 up to 5 th level. The size of the LL 5 will be M 2 5 × N 2 5 . For the encryption time reduction, only LL sub-bands will be considered because most of the information of the plaintext image present in the low-frequency sub-bands. The extracted frequency sub-bands are shown in Eqs 10-13.
• For the rows and column permutation of LL 5 frequency band, the sequences X and Y are used.
• Combine both the manipulated images generated in the above two steps and apply the Sbox transformation on them to get substituted image (S image ). The detailed process of Sbox transformation is given in [56].
• To create diffusion in the ciphertext image, XOR is applied on the S image and the random image. The random image is generated according to algorithm 1.

Algorithm 1 Substitution of LL 4 sub-band values with S-box
! K num is a key num which is used to amplify the values stored in �. ! Apply floor function to truncate the fractional digits and stored the result in α.
! To restrict the generated value in the range [0 255], apply modulo function as given below: (17) is used to apply XOR operation on the S image and R image to get final encrypted image.
Encrpted image : The plaintext images and their corresponding encriphered images which are encrypted using the proposed encryption scheme are shown in Fig 8. While the histograms of the plaintext and enciphered images are shown in Fig 9. The two advantages of this scheme are: the computational complexity of the proposed encryption algorithm is low, and the image recovered in its decryption holds the original pixel values. Therefore, it is a lossless encryption scheme.

Security analysis
To gauge the proposed encryption scheme, several statistical security analyses such as entropy, correlation contrast, peak signal to noise ratio, and mean square error. Moreover, apart from the statistical analyses, several attacks such as cropping attacks, noise addition attack and brute force attack are also performed to evaluate the robustness of the proposed encryption.

Histogram analysis
A histogram of an image shows the pixel distribution. The histogram analysis is used to evaluate the performance of the encryption scheme. For the strong encryption scheme, the histogram of the ciphertext image should be flat, uniform, and completely different from the histogram of the plaintext image. The histogram of the plaintext and its corresponding images is shown in Fig 8 where it can be seen that the pixel distribution in the histogram of the plaintext images is fairly uniform, which makes them different from the histogram of the plaintext images. Moreover, the uniformity in the pixel distribution reveals that the proposed encryption scheme can resist the histogram attack.

Histogram variance analysis
Variance is another parameter to evaluate the uniformity of the histogram of the ciphertext images. This metric may be considered more reliable because it gives the statistical values rather than the histogram visualization. Variance can be calculated as [65]: Where P is the pixels stream, P = {p 1 , p 2 , p 3 . . ..,p 256 , p i is the pixel value at L th position and E P ð Þ ¼ 1 256 P 256 L¼1 p i . For strong encryption, variance values should be low. Table 3 shows the different variance values for the enciphered images generated from the proposed and existing encryption schemes. From the variance values, it can be seen that the proposed scheme performs better than the existing ones.

Maximum deviation
A cryptographic algorithm's quality may be determined by the deviation in pixel values between the plaintext and ciphertext images [45]. If the deviation (changes) in pixels between the plaintext and ciphertext images is the maximum, the encryption technique is the more

PLOS ONE
robust in terms of security. Mathematically, maximum deviation can be written as: Where N, and A L represent the total number of gray levels and the amplitude of the difference histogram at index L respectively. A higher value of "M" implies that the ciphertext is significantly different from the plaintext image. The results of the maximum deviation for the proposed method and the existing algorithms are shown in Table 4. According to a comparison of

PLOS ONE
average values of maximum deviations, the suggested encryption algorithm, as well as methods in [66,67], have superior performance than the other comparable schemes. In light of such findings, we may infer that the maximum deviations of the proposed method do not expose any meaningful information regarding the encryption's quality.

Irregular deviation
To check the encryption quality, only M D is not enough. Another metric I D is used to assess the encryption quality of the enciphered image by determining how close the statistical distribution of deviation between the original and enciphered image is to a uniform statistical distribution. I D can be calculated as: Where A L is the peak of the histogram at position L and B H is the average sum of the histogram values. The lower the value of I D , the better the enciphered image quality. The values of I D for the proposed exciting encryption schemes are displayed in Table 5 where it can be seen that the I D values for the proposed encryption method are lower than the existing ones, which reflects the better strength of the proposed encryption scheme when it compares with other.

Entropy
Entropy is used to find the robustness in the plaintext or ciphertext image. More randomness in an image results in a higher value of entropy. This relation is shown in Eq (21): Entropy can be calculated as: Where: k i is the probability of occurrence in the variable i. The maximum entropy value depends on the nature of the image. For instance, if the image is eight-bit, the entropy cannot be exceeded to eight [11]. Similarly, for the binary images, the maximum entropy value can be two. In the proposed scheme, eight-bit images are tested. This means, if the entropy value is close to eight, the proposed scheme can be considered a secure scheme. In Table 6, the entropy values for the different ciphertext images are displayed. Moreover, a comparison with the existing is also shown in Table 6. Where it can be seen that the entropy values for the proposed scheme are much closer to the ideal value which is eight. Also, the entropy values for the existing scheme are less than the entropy values of the proposed encryption scheme.

Correlation
Correlation between the image pixel shows the relationship between the intensity of the pixel values. i.e. how close the pixel values are. Greater the difference between the pixel values shows the minimum correlation [74]. Mathematically, it can be written as: Correlation between the image pixel can be calculated as: Where: E and σ represent the expected value operator and the standard deviation respectively. In the plaintext image, the correlation between the pixel values is always high because the content in the plaintext image can easily be visualized. In contrast, a ciphertext image in which the pixel is properly concealed shows less correlation between the pixels. Therefore, it is always required that the correlation value of pixels in the ciphertext image should be less, so that, no content can be visualized in an encrypted image [75]. Table 7 shows the correlation analysis of the plaintext images, existing schemes, and the proposed scheme. It can be analyzed from Table 7, that the correlation values of the ciphertext images which are generated through the proposed scheme are significantly less than the plaintext images and exiting schemes.

Homogeneity
The ability of combinations of pixel brightness results is represented in tabular form by the GLCM. By performing a homogeneity analysis on the distribution in the (GLCM), one can evaluate how close it is to the diagonal of the distribution. The lower the homogeneity measure, the more effective encryption is considered to be. As illustrated in Table 8, the proposed encryption scheme is more effective as compared to the existing schemes. The homogeneity values can be calculated using Eq (24).
Where x and y represents the pixel rows and columns of the plaintext image (p(x,y)) respectively.

Contrast
Contrast analysis is used to identify the objects in an image. In an enciphered image, the randomness raises the contrast value. Higher contrast values imply better encryption. Mathematically, it can be calculated as [76]: Where q and r are the 8-bit gray level images and γ(q − r) is the gray level occurrence matrix. Contrast values for the proposed and the existing encryption algorithm are reported in Table 9. By analyzing such values, it can be seen that the proposed encryption algorithm works better than comparable schemes.

Energy
The term energy is used to find the amount of information present in the image [9]. More information present in an image shows that the image has more energy. Therefore, for strong encryption, it necessary that the encryption algorithm should be able to generate such type of ciphertext images in which minimum information can be visualized. As the plaintext images contain more information than the ciphertext images, the energy value for the plaintext image is always higher than that of the energy value of the ciphertext images [77]. Mathematically, energy can be represented as: Table 10 shows the comparison of different energy values corresponds to the plaintext images, existing scheme and the proposed encryption scheme. It can be analyzed from Table 10 that the proposed encryption algorithm can generate such ciphertext images which have fewer energy values than that of plaintext images and other existing schemes.

Lossless analysis
To retrieve the exact pixel values of the plaintext image from the ciphertext image, the encryption algorithm must be lossless. To show the encryption algorithm is lossless or not, two different terms Peak signal to noise ratio (PSNR) and mean square error (MSE) are frequently used. Mathematically these terms can be represented as: ðOðw; tÞ À Xðw; tÞÞ PSNR and MSE are two opposite terms. PSNR is used to check the similarity index between the plaintext and ciphertext images. More the similarity between the plaintext and ciphertext image will result in the higher values of PSNR which is not required in image encryption.

PLOS ONE
Therefore, an encryption algorithm having strong security always produced minimum PSNR values. In contrast, MSE is used to evaluate the difference between the two desired images. For strong encryption, the MSE value should be high. Maximum MSE value shows that the plaintext and ciphertext images are completely different from each other [78]. To evaluate the proposed encryption algorithm is lossless, PSNR values and MSE values are calculated which are shown in Tables 11 and 12 where it can be analyzed that the PSNR and MSE values for the proposed work are zero and infinity respectively. Whereas the existing schemes show the PSNR and MSE values other than zero and infinity which means that the comparable scheme cannot be used where exact pixel values are required to retrieve.

Cropping attack analysis
While sending the encrypted images to the ground station, it is possible that the attacker may crop the image to destroy the original information (which is encrypted in the ciphertext image). To gauge the performance of the proposed work in terms of cropping attack analysis, a portion of the ciphertext image is cropped and then send to the ground station. It is decrypted at the receiver end, and it is analyzed that if the attacker cropped the encrypted image, the proposed algorithm is still able to decrypt the original image with little loss of information. Fig 10 shows the cropping attack analysis in which Fig 10(a) shows the cropped version of the ciphertext image and Fig 10(b) shows the decrypted image which is retrieved from the cropped version of the encrypted image. It is clear from Fig 10 that the proposed encryption algorithm can resist the cropping attack analysis.

Noise attack analysis
There is another category of attack that attackers can launch to shatter the original information. To perform the noise attack analysis for the proposed encryption algorithm, salt (S) and pepper (P) noise is added in the ciphertext image using Eq (29): Where i, j is the pixel position of the ciphertext image C in which the noise in the form of S and P is added. After the addition of noise in the ciphertext image, decryption is performed

PLOS ONE
through the proposed decryption algorithm, and it is found that the information in the decrypted image can be clearly visualized as can be seen in Fig 11. Although there is a little noise in the decrypted image, but perceptually there is no difference between the original and ciphertext image.

Keyspace analysis
Keyspace analysis can be used to evaluate that the weather the encryption scheme can resists the brute force attack or not. Brute force attacks refer to the number of possible combinations of the security keys. For the strong and secure encryption algorithm, the key size should be large enough to resist the brute force attack [79]. According to Alvazari [80], the key size should be at least 10 100 . In the proposed work, there are four security keys (x 0 , x 1 , r 0 , r 1 ) are used. As the sensitivity of the each key is 10 −15 , the key space of each key will be 10 + 15 . This means the total key space for keys used in the proposed work will be 10 15 � 4 which is approximately equal to 2 200 . Therefore, according to Alvazari's criteria, our algorithm can resist the brute force attack.

Key sensitivity analysis
The security strength also depends on the keys which are used in the encryption algorithm. It refers to a small change in the security keys generate significant different ciphertext image. To prove the proposed encryption algorithm is a key sensitive, a tiny change (Δ = 10 −15 ) made in  Fig 12(b). It can be seen that a tiny change in the security can led to decryption failure.

MSE and PSNR analysis
MSE is used to calculate the error between the plaintext and ciphertext image. For strong encryption, MSE values should be as high as possible. While PSNR is the reciprocal of MSE. Therefore, if the encryption algorithm offers strong security, the PSNR between the plaintext and ciphertext image will be low. These two metrics can be calculated using Eqs 27 and 28 respectively. In Table 13, MSE and PSNR values are displayed for the proposed and existing encryption schemes. The displayed values reveal that the proposed scheme works better than the existing encryption schemes in terms of PSNR and MSE.

Sensitivity analysis
Attackers often make a small change in plaintext image and encrypt it before and after this change. By comparing both the encrypted images, they find the relationship between such encrypted images. This attack is known as differential attack. To resists this attack, two wellknown metrics number of pixels' change rate (NPCR) and unified average changing intensity

PLOS ONE
can be used. NPCR and UACI can be calculated using Eqs 30 and 31 respectively [81].
Where, A and B represents the pixel rows and columns of the image. C 1 and C 2 are the two ciphertext images whose corresponding plaintext images have only pixel change. The difference matrix D(q, r) can be determined by C 1 and C 2 . If C 1 = C 2 , then D(q, r) = 0; otherwise. The larger the value of UACI and NPCR, the better encryption. Apart from UACI and NPCR, another metric known as Mean Absolute Error (MAE) is used to evaluate the performance of the encryption against differential attacks. Mathematically, it can be represented as; Where, C(q, r) and P(q, r) are the ciphertext and plaintext image, respectively. For better encryption, the value of MAE must be larger. The UACI, NPCR and MAE for the proposed and existing encryption schemes values are displayed in Tables 14-16 respectively. It can be analyzed from these values that the proposed encryption scheme works better and can resist the differential attack.

NIST-800-22
To assess the performance of random sequences, NIST-800-22 was designed. Based on the findings of the NIST test, one can identify whether the chaotic sequence is appropriate for use Moreover, the randomness of the sequence improves when the p value is larger. According to Table 17, the generated sequences in the proposed encryption algorithm pass all random tests.

Encryption computational time analysis
Apart from security analysis, time analysis is a critical metric for evaluating the performance of an encryption algorithm. The proposed encryption scheme is specifically designed for UAV applications where the encryption scheme must be time-efficient. For the encryption computational analysis, platform having a specification and 8GB of RAM is considered. Moreover, a built-in command in MATLAB called tic toc is used to calculate the processing time of the encryption and decryption. The platform to calculate the computational complexity for the proposed and existing work is kept the same. The processing time of the proposed and existing schemes is given in Table 18, and it can be seen that the proposed scheme is more suitable than the existing schemes for real-time applications.

Ciphertext only attack
In this case, the attacker has access to only the ciphertext image and if he does not know which encryption algorithm is used to generate that ciphertext image, this attack is the most difficult to successfully execute to decrypt the plaintext image, as it is also stated in [82]. In our case, the ciphertext image is generated using the confusion-diffusion mechanism, which is achieved by employing DWT, bit-plane extraction, XOR operation, and a few random sequences. According to the statistical analysis such as entropy, contrast, energy, and correlation, it might be very difficult to recover the plaintext image from the only ciphertext image. Therefore, the proposed encryption scheme can resist this attack.

Known plaintext attack
In this case, the attackers have few plaintext images and their ciphertext images. Based on the knowledge of plaintext-ciphertext pairs, the attackers try to find the secret keys used in the encryption algorithm so that a correct version of the original message can be recovered. To show the robustness of the proposed encryption algorithm against this attack, key-space analysis plays a vital role. From the key-space analysis, it can be seen that it is nearly impossible to find the correct encryption keys in a meaningful time slot. Therefore, the proposed encryption algorithm is resistive to known plaintext attack.

Chosen plaintext attack
To execute this attack successfully by the attack or cryptanalyst, several plaintext images are encrypted with the encryption algorithm to find the secret keys. From the key-sensitivity analysis, one can see that the secret keys used in the proposed encryption algorithm are sensitive. Even a minor change can make a huge difference in the decrypted image. Therefore, according to the key sensitive analysis, the proposed scheme can resist this attack.

Chosen ciphertext attack
In this case, the cryptanalyst has different ciphertext images and tries to decrypt them with the decryption algorithm. Again, the purpose of this attack is to find the original keys that are used to encrypt the meaningful message. The random sequences used in the proposed work are based on the initial conditions of the chaotic maps, which are highly sensitive, as shown in the key-sensitivity analysis. Therefore, according to such analysis, the proposed work can withstand a chosen ciphertext attack.

Conclusion
The proposed encryption scheme is especially designed for usage in real-time applications.
When it comes to real-time applications, they always need less time for encryption and computing. The bit-plane extraction technique and DWT are included in the proposed scheme in

PLOS ONE
order to make it appropriate for use in real-time applications. Only the most significant bit bit planes and low-frequency sub-bands are taken into consideration throughout the encryption process. This is because the majority of the plaintext information is located in these bit planes and sub-bands. In addition to this, several chaotic maps are incorporated in order to increase its level of security. These chaotic maps produce unpredictable sequences and random images for the purposes of confusion and diffusion. In order to evaluate how well the proposed scheme works, a number of security analysis, including entropy, energy, correlation, PSRN, and MSE are carried out. The results of such analysis are compared with those of the existing scheme, which demonstrates that the proposed scheme works more effectively than the existing schemes. In addition to the statistical analysis, several security attacks, including cropping, noise, and brute force attacks, are carried out on encrypted images that are encrypted using the proposed encryption scheme. It is demonstrated that the proposed encryption algorithm is capable of withstanding such attacks.